Vulnerability Disclosure Policy
At FileBridge, we take the security of our users' data seriously. We appreciate the efforts of security researchers who help us maintain the highest standards of safety and privacy. This policy outlines our process for receiving and handling reports of potential security vulnerabilities.
Reporting a Vulnerability
If you believe you've found a security vulnerability in FileBridge, please notify us as soon as possible by emailing:
Please include a detailed description of the vulnerability, including steps to reproduce it, the impact, and any supporting files or screenshots.
Guidelines for Responsible Research
We ask that you follow these guidelines when researching vulnerabilities:
- No Data Disruption: Do not attempt to access, modify, or delete data belonging to other users.
- No Service Interruption: Avoid testing that could result in a denial of service (DoS) or otherwise degrade the user experience.
- Responsible Disclosure: Provide us with a reasonable amount of time to resolve the issue before disclosing it publicly.
- No Social Engineering: Do not use phishing, social engineering, or physical security attacks against our employees or users.
Exclusions
The following categories are generally out of scope for our VDP:
- Missing security headers that do not lead to a direct exploit.
- SPF/DKIM/DMARC records.
- Clickjacking on pages without sensitive actions.
- Rate limiting issues unless they lead to a significant bypass.
Our Commitment
If you follow these guidelines when reporting a vulnerability to us:
We will acknowledge receipt of your report within 48 business hours.
We will provide an estimated timeframe for a resolution.
We will not pursue legal action against you for your research.
Last Updated: April 2, 2026